A security policy states that all applications on the network must have a password length of eight
characters. There are three legacy applications on the network that cannot meet this policy. One
system will be upgraded in six months, and two are not expected to be upgraded or removed from
the network. Which of the following processes should be followed?

A systems administrator establishes a CIFS share on a Unix device to share data to windows
systems. The security authentication on the windows domain is set to the highest level. Windows
users are stating that they cannot authenticate to the Unix share. Which of the following settings
on the Unix server is the cause of this problem?

Company XYZ provides hosting services for hundreds of companies across multiple industries
including healthcare, education, and manufacturing. The security architect for company XYZ is
reviewing a vendor proposal to reduce company XYZ’s hardware costs by combining multiple
physical hosts through the use of virtualization technologies. The security architect notes concerns
about data separation, confidentiality, regulatory requirements concerning PII, and administrative
complexity on the proposal. Which of the following BEST describes the core concerns of the
security architect?

A security architect is designing a new infrastructure using both type 1 and type 2 virtual
machines. In addition to the normal complement of security controls (e.g. antivirus, host
hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store
cryptographic keys used to sign code and code modules on the VMs. Which of the following will
meet this goal without requiring any hardware pass-through implementations?

A Linux security administrator is attempting to resolve performance issues with new software
installed on several baselined user systems. After investigating, the security administrator
determines that the software is not initializing or executing correctly. For security reasons, the
company has implemented trusted operating systems with the goal of preventing unauthorized
changes to the configuration baseline. The MOST likely cause of this problem is that SE Linux is
set to:

A security auditor is conducting an audit of a corporation where 95% of the users travel or work
from non-corporate locations a majority of the time. While the employees are away from the
corporate offices, they retain full access to the corporate network and use of corporate laptops.
The auditor knows that the corporation processes PII and other sensitive data with applications
requiring local caches of any data being manipulated. Which of the following security controls
should the auditor check for and recommend to be implemented if missing from the laptops?